diff --git a/.github/styles/UmbracoDocs/Acronyms.yml b/.github/styles/UmbracoDocs/Acronyms.yml index 5a6c81e23e0..732a0e43ecd 100644 --- a/.github/styles/UmbracoDocs/Acronyms.yml +++ b/.github/styles/UmbracoDocs/Acronyms.yml @@ -26,6 +26,7 @@ exceptions: - CDN # Content Delivery Network - CI # Continuous Integration - CLI # Command Line Interface + - CNAME # - CMD # Command (Windows shell) - CMS # Content Management System - CPU # Central Processing Unit diff --git a/umbraco-cloud/build-and-customize-your-solution/handle-deployments-and-environments/umbraco-cicd/v1-umbraco-cloud-api.md b/umbraco-cloud/build-and-customize-your-solution/handle-deployments-and-environments/umbraco-cicd/v1-umbraco-cloud-api.md index a5181d9a5fc..5499bf7dbb2 100644 --- a/umbraco-cloud/build-and-customize-your-solution/handle-deployments-and-environments/umbraco-cicd/v1-umbraco-cloud-api.md +++ b/umbraco-cloud/build-and-customize-your-solution/handle-deployments-and-environments/umbraco-cicd/v1-umbraco-cloud-api.md @@ -6,8 +6,6 @@ hidden: true The Umbraco Cloud API serves as a publicly accessible endpoint that customers can utilize to execute relevant tasks. -While its initial focus is on automating and managing deployments in Umbraco Cloud projects via the "Umbraco CI/CD Flow," future enhancements will broaden its capabilities to encompass a wider range of activities and options for Umbraco Cloud users. - For the scope of this discussion, we will concentrate solely on the endpoints associated with interactions within the Umbraco CI/CD Flow. ## Getting started @@ -34,7 +32,9 @@ The two elements to be used for the authentication are: By including the API key header in your HTTP requests, you ensure secure access to your Umbraco Cloud project's resources. -For enhanced security, it's crucial to store the provided API key in a secure location. Options include a variable group in Azure DevOps or using the Secrets feature in GitHub Actions. It's important to note that each API key is tightly coupled with a specific Umbraco Cloud project and can only be used for deployments related to that project. +For enhanced security, it's crucial to store the provided API key in a secure location. Options include a variable group in Azure DevOps or using the Secrets feature in GitHub Actions. + +Each API key is tightly coupled with a specific Umbraco Cloud project and can only be used for deployments related to that project. ### How to authenticate your requests @@ -64,9 +64,9 @@ curl -s -X GET $url -H "Umbraco-Cloud-Api-Key: $apiKey" ### Create the deployment -The Create Deployment endpoint initiates a new deployment and returns a unique `deploymentId`. This call serves as the initial step in the deployment process. It requires a `projectId` specified in the URL path and a commit message included in the request body. Essentially, this establishes the metadata necessary for initiating the deployment process. If a deployment is already underway, initiating a new one will be possible but should be avoided. +The Create Deployment endpoint initiates a new deployment and returns a unique `deploymentId`. This call serves as the initial step in the deployment process. It requires a `projectId` specified in the URL path and a commit message included in the request body. This establishes the metadata necessary for initiating the deployment process. If a deployment is already underway, initiating a new one will be possible but should be avoided. -To create a deployment, you'll need to make an HTTP POST request. The request body should contain a simple JSON object with the commit message: +To create a deployment, you'll need to make an HTTP POST request. The request body should contain a JSON object with the commit message: ```json { @@ -121,13 +121,18 @@ Part of the returned response will be the actual `deploymentId`. The response fr ### Upload zip source file -To deploy content to the Umbraco Cloud repository, you need to perform an HTTP POST request to the Umbraco Cloud API. The deployment content should be packaged as a ZIP file, which must mirror the expected structure of the Umbraco Cloud repository. This ZIP file should include all relevant files such as project and solution files, and compiled frontend code. If your setup includes a frontend project with custom elements, the build artifacts from that project should also be included in the ZIP file, and placed in the appropriate directory within the repository structure. +To deploy content to the Umbraco Cloud repository, you need to perform an HTTP POST request to the Umbraco Cloud API. The deployment content should be packaged as a ZIP file, which must mirror the expected structure of the Umbraco Cloud repository. This ZIP file should include all relevant files such as project and solution files, and compiled frontend code. + +If your setup includes a frontend project with custom elements, the build artifacts from that project should be: + +* Included in the ZIP file, and +* Placed in the appropriate directory within the repository structure. The HTTP POST request should be made using the `multipart/form-data` content type. The request URL should incorporate both the `projectId` and `deploymentId` obtained from the previous step in the API path. The ZIP file must be structured the same way as described in the `Readme.md` included in all cloud projects starting from Umbraco 9. This also means if you need to change the name and/or structure of the project, you should follow the guide in the same Readme. -By adhering to these guidelines, you ensure that the uploaded content is an exact match with what is expected in the Umbraco Cloud repository, facilitating a seamless deployment process. +By adhering to these guidelines, you ensure that the uploaded content is an exact match with what is expected in the Umbraco Cloud repository. You also ensure a seamless deployment process. The purpose of packaging your content into a ZIP file is to replace the existing content in the Umbraco Cloud repository upon unpackaging. This ensures that the repository is updated with the latest version of your project files. @@ -135,11 +140,11 @@ Make sure your ZIP archive does not contain .git folder. If you're using the `.z #### A note about .gitignore -Umbraco Cloud environments are using git internally. This means you should be careful about the .gitignore file you add to the package. If you have “git ignored” build js assets locally, you need to handle this so that this is not being ignored in the cloud repository. +Umbraco Cloud environments are using git internally. This means you should be careful about the .gitignore file you add to the package. If you have “git ignored” build JavaScrips assets locally, you need to handle this so that this is not being ignored in the cloud repository. -**Note:** If the `.gitignore` file within the ZIP package does not exclude bin/ and obj/ directories, these will also be committed to the Umbraco Cloud repository. +**Note:** If the `.gitignore` file within the ZIP package does not exclude `bin/` and `obj/` directories, these will also be committed to the Umbraco Cloud repository. -**Best Practice:** If you have frontend assets your local repository's .gitignore file will most likely differ from the one intended for the Umbraco Cloud repository, it's advisable to create a separate .cloud\_gitignore file. Include this file in the ZIP package and rename it to .gitignore before packaging. This ensures that only the necessary files and directories are uploaded and finally committed to the Umbraco Cloud repository. +**Best Practice:** If you have frontend assets, your local repository's `.gitignore` file will most likely differ from the one intended for the Umbraco Cloud repository. It's recommended to create a separate `.cloud\_gitignore` file. Include this file in the ZIP package and rename it to `.gitignore` before packaging. This ensures that only the necessary files and directories are uploaded and finally committed to the Umbraco Cloud repository. In curl uploading the source file will be: @@ -153,7 +158,7 @@ curl -s -X POST $url \ --form "file=@$file" ``` -The response of this call will be the same deployment object (in JSON) as when creating a new deployment, but the deploymentState should now be 'Pending': +The response of this call will be the same deployment object (in JSON) as when creating a new deployment. The `deploymentState` should now be 'Pending': ```json { @@ -171,7 +176,7 @@ The response of this call will be the same deployment object (in JSON) as when c ### Start Deployment -After the source file has been uploaded the deployment can be started. This will queue the deployment in the Umbraco Cloud services which will start the deployment as soon as possible. Starting the deployment is an HTTP PATCH request to the Umbraco Cloud API. `projectId` and the `deploymentId` from the previous step must be included in the path, and the deployment state set to 'Queued' in the request body. +After the source file has been uploaded the deployment can be started. This will queue the deployment in the Umbraco Cloud services which will start the deployment as soon as possible. Starting the deployment is an `HTTP PATCH` request to the Umbraco Cloud API. `projectId` and the `deploymentId` from the previous step must be included in the path, and the deployment state set to 'Queued' in the request body. In curl starting a deployment will be: @@ -185,7 +190,7 @@ curl -s -X PATCH $url \ -d "{\"deploymentState\": \"Queued\"}" ``` -The response of this call will be the same deployment object (in JSON) as when creating a new deployment, but the deploymentState should now be 'Queued': +The response of this call will be the same deployment object (in JSON) as when creating a new deployment. The deploymentState should now be 'Queued': ```json { @@ -203,9 +208,9 @@ The response of this call will be the same deployment object (in JSON) as when c ### Get Deployment status -To monitor the status of a deployment—whether it's completed, successful, or otherwise — you can periodically query the 'Get Deployment Status' API. This API endpoint is an HTTP GET request to the Umbraco Cloud API, and it requires both the `projectId` and the `deploymentId` obtained from previous steps to be included in the path. +To monitor the status of a deployment—whether it's completed, successful, or otherwise — you can periodically query the 'Get Deployment Status' API. This API endpoint is an HTTP GET request to the Umbraco Cloud API. It requires both the `projectId` and the `deploymentId` obtained from previous steps to be included in the path. -Deployments in Umbraco services can take varying amounts of time to complete. Therefore, it's advisable to poll this API at regular intervals to stay updated on the deployment's current state. For example, in a simple project, you might choose to poll the API every 15 seconds for a duration of 15 minutes. These figures are just a starting point; the optimal polling frequency and duration may differ for your specific pipeline. Based on initial experience, a 15-minute window generally suffices, but we welcome your feedback to fine-tune these parameters. +Deployments in Umbraco services can take varying amounts of time to complete. Therefore, it's advisable to poll this API at regular intervals to stay updated on the deployment's current state. For example, you might choose to poll the API every 15 seconds for a duration of 15 minutes. These figures are a starting point; the optimal polling frequency and duration may differ for your specific pipeline. Based on initial experience, a 15-minute window generally suffices, but we welcome your feedback to fine-tune these parameters. Using a curl command, polling for the deployment status would look like this: @@ -339,11 +344,11 @@ fi ``` -The API response will vary based on whether or not there are changes to report. If no changes are detected, you'll receive an HTTP 204 No Content status. On the other hand, if there are changes, the API will return an HTTP 200 OK status along with a git-patch file as the content. This git-patch file can then be applied to your local repository to sync it with the changes. +The API response will vary based on whether or not there are changes to report. If no changes are detected, you'll receive an HTTP 204 No Content status. If there are changes, the API will return an HTTP 200 OK status along with a git-patch file as the content. This git-patch file can then be applied to your local repository to sync it with the changes. ### Possible errors -When interacting with the Umbraco Cloud API, you may encounter various HTTP status codes that indicate the success or failure of your API request. Below is a table summarizing the possible status codes, their corresponding errors, and basic root causes to guide your troubleshooting: +When interacting with the Umbraco Cloud API, you may encounter HTTP status codes that indicate the success or failure of your API request. Below is a table summarizing the possible status codes, their corresponding errors, and basic root causes to guide your troubleshooting: | Status Code | Error | Basic Root Cause | | ----------- | ------------------- | ----------------------------------------------------------------------------------- | diff --git a/umbraco-cloud/build-and-customize-your-solution/set-up-your-project/databases/backups.md b/umbraco-cloud/build-and-customize-your-solution/set-up-your-project/databases/backups.md index 9c3057fe873..ce257c458e9 100644 --- a/umbraco-cloud/build-and-customize-your-solution/set-up-your-project/databases/backups.md +++ b/umbraco-cloud/build-and-customize-your-solution/set-up-your-project/databases/backups.md @@ -18,7 +18,7 @@ When restoring a database backup on Umbraco Cloud, certain elements may cause is * **Complex Database Objects** - Custom complex database objects in SQL is an element with external dependencies or special server configurations, which may result in conflicts when restoring the database in our hosting platform. {% hint style="info" %} -Restoring a database replaces the existing database with a fresh one containing the restored content. Once a Restore has run, you cannot create database backups with a **Date and Time for snapshot (UTC)** earlier than the time of the Restore-operation. However, any existing backups are still available. +Restoring a database replaces the existing database with a fresh one containing the restored content. Once a Restore has run, you cannot create database backups with a **Date and Time for snapshot (UTC)** going back before the Restore-operation. However, any existing backups are still available. {% endhint %} ## Backup on Umbraco Cloud @@ -125,7 +125,7 @@ If a `bacpac` restore fails in SQL server, ensure the 'Contained Database Authen If it is not set the import will fail. -To Enable Contained Database Authentication, run the following SQL against your SQL server on the Master database. +To Enable Contained Database Authentication, run the following SQL against your SQL server on the main database. ```sql sp_configure 'contained database authentication', 1; diff --git a/umbraco-cloud/build-and-customize-your-solution/set-up-your-project/databases/cloud-database/local-database.md b/umbraco-cloud/build-and-customize-your-solution/set-up-your-project/databases/cloud-database/local-database.md index 07d1d4fb027..5117f19249a 100644 --- a/umbraco-cloud/build-and-customize-your-solution/set-up-your-project/databases/cloud-database/local-database.md +++ b/umbraco-cloud/build-and-customize-your-solution/set-up-your-project/databases/cloud-database/local-database.md @@ -17,7 +17,10 @@ Since Umbraco 10, **SQL CE** is no longer supported, instead, Umbraco now comes When cloning down your Umbraco project and restoring its content, it will create a `Umbraco.sqlite.db` file in `~/umbraco/Data/Umbraco.sqlite.db`. -To view your local SQLite database, you will need to use a program like [DB Browser for SQLite](https://sqlitebrowser.org/) or a Visual Studio extension like [SQLite and SQL Server Compact Toolbox](https://marketplace.visualstudio.com/items?itemName=ErikEJ.SQLServerCompactSQLiteToolbox). +To view your local SQLite database, you need to use software that supports reading that type of database: + +* A program like [DB Browser for SQLite](https://sqlitebrowser.org/) +* A Visual Studio extension like [SQLite and SQL Server Compact Toolbox](https://marketplace.visualstudio.com/items?itemName=ErikEJ.SQLServerCompactSQLiteToolbox) You can also configure your project to prefer SQL Server LocalDb when it's available on your local machine by enabling the Deploy [`PreferLocalDbConnectionString`](https://docs.umbraco.com/umbraco-deploy/deploy-settings#preferlocaldbconnectionstring) setting. @@ -25,7 +28,7 @@ To configure your database, you can add the connection string in the 'appsetting ## Using Custom Tables with Umbraco Cloud -Umbraco Cloud will ensure that your Umbraco-related data is always up to date, but it won't know anything about data in custom tables unless told. This is like any other host when it comes to non-Umbraco data. +Umbraco Cloud ensures that your Umbraco-related data is always up to date, but it won't know anything about data in custom tables. This is like any other host when it comes to non-Umbraco data. However, you have full access to the SQL Azure databases running on Umbraco Cloud. You can create custom tables like you'd expect on any other hosting provider. The easiest way to do this is to [connect using SQL Management Studio](./#connecting-to-your-cloud-database-locally). diff --git a/umbraco-cloud/build-and-customize-your-solution/set-up-your-project/security/README.md b/umbraco-cloud/build-and-customize-your-solution/set-up-your-project/security/README.md index 10944b1b9c8..862d0f5e809 100644 --- a/umbraco-cloud/build-and-customize-your-solution/set-up-your-project/security/README.md +++ b/umbraco-cloud/build-and-customize-your-solution/set-up-your-project/security/README.md @@ -30,20 +30,20 @@ Learn more about how this in the [Manage Security](managing-transport-security.m Umbraco Cloud Websites support the following TLS ciphers in this order: -* TLS\_ECDHE\_RSA\_WITH\_AES\_256\_CBC\_SHA384 -* TLS\_ECDHE\_RSA\_WITH\_AES\_128\_CBC\_SHA256 -* TLS\_ECDHE\_RSA\_WITH\_AES\_256\_CBC\_SHA -* TLS\_ECDHE\_RSA\_WITH\_AES\_128\_CBC\_SHA -* TLS\_DHE\_RSA\_WITH\_AES\_256\_GCM\_SHA384 -* TLS\_DHE\_RSA\_WITH\_AES\_128\_GCM\_SHA256 -* TLS\_DHE\_RSA\_WITH\_AES\_256\_CBC\_SHA -* TLS\_DHE\_RSA\_WITH\_AES\_128\_CBC\_SHA +* `TLS\_ECDHE\_RSA\_WITH\_AES\_256\_CBC\_SHA384` +* `TLS\_ECDHE\_RSA\_WITH\_AES\_128\_CBC\_SHA256` +* `TLS\_ECDHE\_RSA\_WITH\_AES\_256\_CBC\_SHA` +* `TLS\_ECDHE\_RSA\_WITH\_AES\_128\_CBC\_SHA` +* `TLS\_DHE\_RSA\_WITH\_AES\_256\_GCM\_SHA384` +* `TLS\_DHE\_RSA\_WITH\_AES\_128\_GCM\_SHA256` +* `TLS\_DHE\_RSA\_WITH\_AES\_256\_CBC\_SHA` +* `TLS\_DHE\_RSA\_WITH\_AES\_128\_CBC\_SHA` The different Ciphers can be enabled or disabled on the security project settings page for your Cloud projects.

Enable or disable TLS Ciphers

-### HSTS - HTTP Strict Transport Security +### HTTP Strict Transport Security (HSTS) It's possible to enforce HSTS: [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) by adding the headers to your website. This grants Umbraco Cloud Websites an A+ security rating on sslabs (March 2020). @@ -90,7 +90,7 @@ In order to integrate older external applications to access Umbraco Cloud Websit For ASP.NET applications, inspect the `` element of web.config to find the version of the .NET Framework your application is using. .NET applications on .NET 4.7+ are using the OS specified TLS protocols. In Windows 8 & 10, Windows Server 2012 & 2016 TLS 1.2+ is used by default, therefore no actions necessary. .NET applications lower then 4.7 require updates to ensure they can communicate using TLS 1.2 by default. -More information specifically from Microsoft about .Net applications and Transport Layer Security (TLS) support can be found [in Microsoft's official docs](https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls#audit-your-code-and-make-code-changes). For other application frameworks/languages we encourage to lookup their respective documentations. +More information specifically from Microsoft about .Net applications and Transport Layer Security (TLS) support can be found [in Microsoft's official documentation](https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls#audit-your-code-and-make-code-changes). For other application frameworks/languages we encourage to lookup their respective documentations. ### HTTP @@ -111,13 +111,13 @@ Umbraco Cloud offers a multitude of features allowing you to block access to dif * Basic Authentication allows access to the Backoffice & Frontend of Umbraco Cloud Websites for authenticated users only. {% hint style="info" %} -Basic authentication will not be available for projects running Umbraco 9. It is available for Umbraco Cloud version 10 (and newer) versions, however, the users are currently unable to exclude IP addresses for authentication using the allowlist feature. +Basic authentication will not be available for projects running Umbraco 9. It is available from Umbraco Cloud version 10. The users are currently unable to exclude IP addresses for authentication using the allowlist feature. {% endhint %} * IP based list allowing access to Frontend & Backoffice * IP based list allowing access to website database -### Web Application Firewall +### Web Application Firewall (WAF) WAF is or can be enabled on the custom hostname(s) you add to your Umbraco Cloud project. [Learn more about how this feature works and helps to secure your websites](web-application-firewall.md). @@ -135,7 +135,7 @@ For more information see [the related GitHub issue](https://github.com/Azure/app ## Deny specific IPs from accessing your website -You can block people and bots(e.g. a malicious scanning bot) from accessing your website by adding their IP addresses to a deny-list. +You can block people and bots(like a malicious scanning bot) from accessing your website by adding their IP addresses to a deny-list. The following rule can be added to your web.config file in the `system.webServer/rewrite/rules/` section. diff --git a/umbraco-cloud/build-and-customize-your-solution/set-up-your-project/security/managing-transport-security.md b/umbraco-cloud/build-and-customize-your-solution/set-up-your-project/security/managing-transport-security.md index 40e7336e8ef..334d2f2fced 100644 --- a/umbraco-cloud/build-and-customize-your-solution/set-up-your-project/security/managing-transport-security.md +++ b/umbraco-cloud/build-and-customize-your-solution/set-up-your-project/security/managing-transport-security.md @@ -1,6 +1,6 @@ # Managing Transport Security -Once you have added your custom hostnames to your Umbraco Cloud project, it's possible to configure certain transport security options for all or specific custom hostnames within your project. These security options all relate to the traffic that goes through your hostname from the origin (Umbraco Cloud) to the end-user - meaning the protocols and encryption used to transport your website and assets from the webserver to the browser. +Once you have added your custom hostnames to your Umbraco Cloud project, it's possible to configure certain transport security options for your custom hostnames. These options all relate to the traffic that goes through your hostname from the origin (Umbraco Cloud) to the end-user. This includes the protocols and encryption used to transport your website and assets from the webserver to the browser. Currently, these options are available: @@ -16,11 +16,13 @@ When a new custom hostname is added to a Project it will have the default settin ## HTTP/2 Explained -The first usable version of HTTP was created in 1997. Because it went through different stages of development, this first version of HTTP was called HTTP/1.1. This version is still in use on the web. In 2015, a new version of HTTP called HTTP/2 was created. HTTP/2 progressively enhances your website’s performance. When a browser supports HTTP/2, Umbraco Cloud will take full advantage of HTTP/2 performance benefits end to end. For older browsers or non-HTTPS requests, the traffic will fall back to HTTP/1.1. You don’t need to choose between better performance and backward compatibility, which is why HTTP/2 is enabled by default for all new custom hostnames added to a Umbraco Cloud project. +The first usable version of HTTP was created in 1997. Because it went through different stages of development, this first version of HTTP was called HTTP/1.1. This version is still in use on the web. In 2015, a new version of HTTP called HTTP/2 was created. HTTP/2 progressively enhances your website’s performance. When a browser supports HTTP/2, Umbraco Cloud will take full advantage of HTTP/2 performance benefits end to end. For older browsers or non-HTTPS requests, the traffic will fall back to HTTP/1.1. + +You don’t need to choose between better performance and backward compatibility. This is why HTTP/2 is enabled by default for all new custom hostnames added to a Umbraco Cloud project. ## TLS 1.3 Explained -Transport Layer Security (TLS) TLS 1.3 is the newest, fastest, and most secure version of the TLS protocol. SSL/TLS is the protocol that encrypts communication between users and your website. When web traffic is encrypted with TLS, users will see the green padlock in their browser window. By turning on the TLS 1.3 option, traffic to and from your website will be served over the TLS 1.3 protocol when supported by clients. TLS 1.3 protocol has improved latency over older versions, has several new features, and is currently supported in both Chrome (starting with release 66), Firefox (starting with release 60), and in development for Safari and Edge browsers. +Transport Layer Security (TLS) TLS 1.3 is the newest, fastest, and most secure version of the TLS protocol. SSL/TLS is the protocol that encrypts communication between users and your website. When web traffic is encrypted with TLS, users will see the green padlock in their browser window. By turning on TLS 1.3, traffic to and from your website will be served over the TLS 1.3 protocol when supported by clients. The TLS 1.3 protocol has improved latency, new features, and is supported in Chrome (starting with release 66), Firefox (starting with release 60). ## Minimum TLS Version Explained @@ -68,7 +70,7 @@ Aside from the environments, the Security page is divided into 'Default Settings

Security Settings Umbraco Cloud

-If you want to have different security options for different custom hostnames, then select the custom hostname under **Hostname Specific Settings** and adjust the options for that specific hostname. This might be useful if you want to test the different options on another custom hostname than your primary hostname. +If you want to have different security options for different custom hostnames, select the custom hostname under **Hostname Specific Settings** and adjust the options. This might be useful if you want to test the different options on another custom hostname than your primary hostname.

Hostname Specific settings

diff --git a/umbraco-cloud/build-and-customize-your-solution/set-up-your-project/security/web-application-firewall.md b/umbraco-cloud/build-and-customize-your-solution/set-up-your-project/security/web-application-firewall.md index 72ee5305689..cd3c4c573fa 100644 --- a/umbraco-cloud/build-and-customize-your-solution/set-up-your-project/security/web-application-firewall.md +++ b/umbraco-cloud/build-and-customize-your-solution/set-up-your-project/security/web-application-firewall.md @@ -6,14 +6,14 @@ description: >- # Web Application Firewall -A Web Application Firewall (WAF) is a security solution designed to protect web applications by filtering and monitoring HTTP traffic between them and the Internet. By acting as a shield between the web application and potential threats, it helps mitigate various common attacks such as cross-site scripting (XSS), SQL injection, and file inclusion.[ ](https://www.cloudflare.com/learning/ddos/glossary/web-application-firewall-waf/) +A Web Application Firewall (WAF) is a security solution designed to protect web applications by filtering and monitoring HTTP traffic between them and the Internet. By acting as a shield between the web application and potential threats, it helps mitigate common attacks. This could be attacks like cross-site scripting (XSS), SQL injection, and file inclusion.[ ](https://www.cloudflare.com/learning/ddos/glossary/web-application-firewall-waf/) ## Umbraco Cloud WAF Umbraco Cloud uses [Cloudflare’s Managed Rulesets](https://developers.cloudflare.com/waf/managed-rules/) which include pre-configured rules that provide immediate protection against a wide range of threats. These managed rulesets are regularly updated to defend against the latest vulnerabilities and attack techniques. The rulesets include protections against: * **Zero-day vulnerabilities**: Newly discovered vulnerabilities that have not yet been patched. -* **Top-10 attack techniques (logging only)**: Common attack methods identified by security organizations like OWASP. +* **Top-10 attack techniques (logging only)**: Common attack methods identified by security organizations like Open Worldwide Application Security Project (OWASP). WAF is enabled by default on each custom hostname. It is not available for the internal Cloud hostnames. diff --git a/umbraco-cloud/explore-umbraco-cloud/technology-overview/README.md b/umbraco-cloud/explore-umbraco-cloud/technology-overview/README.md index fd9e50fdee0..06d8aa61770 100644 --- a/umbraco-cloud/explore-umbraco-cloud/technology-overview/README.md +++ b/umbraco-cloud/explore-umbraco-cloud/technology-overview/README.md @@ -2,7 +2,7 @@ ## Overview -Umbraco Cloud is built on a modern, cloud-native technology stack designed to simplify your development workflow, automate deployment, and ensure reliable, scalable hosting. This section provides a comprehensive overview of the key technologies that power your Cloud projects — from version control and cloud infrastructure to deployment automation and developer tools. +Umbraco Cloud is built on a modern, cloud-native technology stack designed to simplify your development workflow, automate deployment, and ensure reliable, scalable hosting. This section provides a comprehensive overview of the key technologies that power your Cloud projects. From version control and cloud infrastructure to deployment automation and developer tools. ### Version Control with Git @@ -35,7 +35,7 @@ Umbraco Cloud includes an integrated CI/CD pipeline that automates the deploymen * Each commit triggers a build and deployment to your project’s environments (Development, Staging, Production). * Deployments are fast, reliable, and consistent, reducing manual errors. -* You can easily promote changes through environments, ensuring quality control before going live. +* You can promote changes through environments, ensuring quality control before going live. For more information, see the [Umbraco CI/CD Flow](../../build-and-customize-your-solution/handle-deployments-and-environments/umbraco-cicd/) article. diff --git a/umbraco-cloud/explore-umbraco-cloud/technology-overview/repositories-in-a-cloud-project.md b/umbraco-cloud/explore-umbraco-cloud/technology-overview/repositories-in-a-cloud-project.md index ed1aa7338fb..12b7fa09b91 100644 --- a/umbraco-cloud/explore-umbraco-cloud/technology-overview/repositories-in-a-cloud-project.md +++ b/umbraco-cloud/explore-umbraco-cloud/technology-overview/repositories-in-a-cloud-project.md @@ -13,12 +13,14 @@ Ideally, your Umbraco Cloud setup should look like this: ## A source control repository with your own code -Source control is a way to control changes to files and directories. You can keep a record of changes and revert to specific versions of a file in the event you would like to back up to an earlier time. A source control repository is used as the single source of truth that has the latest version of your project source code with all the git branches. +Source control is a way to control changes to files and directories. You can keep a record of changes and revert to specific versions of a file in the event you need to revert to an earlier time. A source control repository is used as the single source of truth that has the latest version of your project source code. There are different source code management tools that you can use such as GitHub, Git, GitLab, Apache Subversion (SVN), Mercurial, etc. {% hint style="info" %} + An example of how to use GitLab for setting up automatic deployments can be found on the [online Umbraco Community magazine Skrift.io](https://skrift.io/issues/using-gitlab-bidirectional-mirroring-azure-devops-release-pipelines-to-auto-deploy-into-umbraco-cloud/). + {% endhint %} {% tabs %} @@ -27,7 +29,7 @@ The external Git repository can be used to store the entire source code of your {% endtab %} {% tab title="Legacy Umbraco 7 and 8" %} -You need to put your custom code in a different source control repository of your choice. You can use the source control repository to store the custom models, controllers, class libraries, CS code etc as the Umbraco Cloud Git repository can only store the dll files of your C# files. +You need to put your custom code in a different source control repository of your choice. Use the source control repository to store the custom models, controllers, class libraries and CS code. The Umbraco Cloud Git repository can only store the dll files of your C# files. {% endtab %} {% endtabs %} @@ -45,7 +47,7 @@ Once you're happy with the results or wish to see how your website has progresse In the above diagram, the Umbraco Git repository contains the source code of a class library CS project. -With this setup, once you commit your code in the Umbraco Cloud Git repository, your C# source code is built by Umbraco Cloud and then deployed to the `wwwroot` folder. +Once you commit your code in the Umbraco Cloud Git repository, your C# source code is built and then deployed to the `wwwroot` folder. #### Disadvantages of using an Umbraco Cloud Project repository as a source code repository @@ -58,7 +60,7 @@ With this setup, once you commit your code in the Umbraco Cloud Git repository,

Umbraco cloud overview Legacy versions

-In the above diagram, the external git repository contains the source code of a class library CS project, if you had a class library project that was used in your Cloud project. +In the above diagram, the external git repository contains the source code of a class library CS project with a class library project. With this setup, you commit your changes twice. Once to commit your code in your source control and the other commit to the Umbraco Cloud Git repository to deploy your website. Your source code is not hosted on Umbraco Cloud but only your cloned project will be in the Umbraco Cloud Git Repository. Your code is built and compiled into the cloned project and then pushed to Umbraco Cloud. Thus updating the site with your latest code changes. diff --git a/umbraco-cloud/go-live/launching-your-site.md b/umbraco-cloud/go-live/launching-your-site.md index 94892f27d81..8ddfdbe491d 100644 --- a/umbraco-cloud/go-live/launching-your-site.md +++ b/umbraco-cloud/go-live/launching-your-site.md @@ -12,7 +12,7 @@ Working with Umbraco Forms, allows you to set up email workflows that enable you ## [Manage Hostnames](manage-hostnames/) -When you create a project on Umbraco Cloud, the generated project URL is based on the project's name and that might not be the preferred URL for your website. Therefore, you have the option to add your hostname. +When you create a project on Umbraco Cloud, the generated project URL is based on the project's name. You have the option to a custom hostname. {% hint style="info" %} Before adding a hostname, you need to update your DNS host domain registrar DNS entries to resolve to `umbraco.io`. We recommend setting a CNAME record for your site using the `dns.umbraco.io` Umbraco Cloud DNS record. You can read more about how to do this under [Manage Hostnames](manage-hostnames/). @@ -23,7 +23,9 @@ Before adding a hostname, you need to update your DNS host domain registrar DNS The last step before your website goes live and is accessible to the public is to deploy it to the Live environment. When everything has been tested in the left-most mainline environment or locally, you are ready to deploy the site to your live environment and make it public. {% hint style="info" %} -If you would like to keep track of what goes on with your website after it has gone live, you can set up a [Deployment Webhook](../build-and-customize-your-solution/handle-deployments-and-environments/deployment/deployment-webhook.md). This is a great way to keep an eye on your project and it works great with [Slack](https://slack.com/). + +If you want to keep track of what goes on with your website after publishing, you can set up a [Deployment Webhook](../build-and-customize-your-solution/handle-deployments-and-environments/deployment/deployment-webhook.md). This is a great way to keep an eye on your project and it works great with [Slack](https://slack.com/). + {% endhint %} {% hint style="info" %} diff --git a/umbraco-cloud/optimize-and-maintain-your-site/manage-product-upgrades/hotfixes/move-files-manually.md b/umbraco-cloud/optimize-and-maintain-your-site/manage-product-upgrades/hotfixes/move-files-manually.md index 3eb11d4174d..44ae48ef6a4 100644 --- a/umbraco-cloud/optimize-and-maintain-your-site/manage-product-upgrades/hotfixes/move-files-manually.md +++ b/umbraco-cloud/optimize-and-maintain-your-site/manage-product-upgrades/hotfixes/move-files-manually.md @@ -19,7 +19,7 @@ In this tutorial GitKraken has been used, however, you can use any Git GUI you p You have an Umbraco Cloud project with two environments, **Development** and **Live**. -You have been working on building the site on a local clone of the Development environment, and now you want to send some but not all changes to the Live environment. +You have been working on building the site on a local clone of the Development environment. Now, you want to send some but not all changes to the Live environment. Three commits have been pushed from your local clone to the Development environment. Out of these three commits, you only need the changes from one of the commits in the Live environment. @@ -52,7 +52,7 @@ For the sake of simplicity here's an explanation of the names I'll be using in t 3. Copy and paste the new and/or updated files from your Development repository to your Live repository. 4. You can now _Stage_ and _Commit_ these changes to the Live repository in Git. -One of the benefits of having the Live environment cloned down, is that you can test the new changes locally before sending them to the Live environment. +A benefit of having the Live environment cloned down, is that you can test the new changes locally before sending them to the Live environment. ### Test changes locally @@ -71,10 +71,12 @@ Once you've checked that everything works locally, you are ready to push to the 1. Push the committed changes to the Live environment using Git. {% hint style="info" %} + When changes are pushed directly to a Live environment and you have more than one environment, the changes are not automatically extracted to the site. + {% endhint %} -2\. Run the Deploy operation `Update Umbraco Schema From Data Files`from the Deploy Dashboard +2. Run the Deploy operation `Update Umbraco Schema From Data Files`from the Deploy Dashboard You have now applied a hotfix to the Live environment. diff --git a/umbraco-cloud/optimize-and-maintain-your-site/manage-product-upgrades/hotfixes/using-git.md b/umbraco-cloud/optimize-and-maintain-your-site/manage-product-upgrades/hotfixes/using-git.md index f9cb25af1fa..944b93fb222 100644 --- a/umbraco-cloud/optimize-and-maintain-your-site/manage-product-upgrades/hotfixes/using-git.md +++ b/umbraco-cloud/optimize-and-maintain-your-site/manage-product-upgrades/hotfixes/using-git.md @@ -7,14 +7,14 @@ In this article, you'll find a step-by-step guide on how to apply a hotfix to a {% hint style="info" %} You can use whichever Git client or command line interface you prefer. -If you've never worked with cherry-picking before, we recommend that you use a Git client with a UI that gives you a visual overview of your commits. +If you've never worked with cherry-picking before, we recommend that using a Git client with visual overview of your commits. {% endhint %} ## The scenario You have an Umbraco Cloud project with two environments, Development and Live. -You have been working on building the site on a local clone of the Development environment, and now you want to send some but not all changes to the Live environment. +You have been working on building the site on a local clone of the Development environment. Now you want to send some but not all changes to the Live environment. A set of commits have been pushed from your local clone to the Development environment. Out of these commits, you only need the changes from two of the commits in the Live environment for now. @@ -58,13 +58,15 @@ Before you push the newly created branch to Umbraco Cloud we need to change the 3. You will be prompted to authenticate - use your Umbraco Cloud credentials. 4. You will see that the history from the Live repository is visible in the Git history. 5. Next step; hit **Push**. -6. Choose to push to the newly added remote, and write **master** to make sure you are pushing to the master branch on the Live environment. +6. Choose to push to the newly added remote, and write **master** to make sure you are pushing to the master branch on the Live environment. ![Choose remote](images/choose-remote.png) 7. Hit **Submit** and the push will start. {% hint style="info" %} + When changes are pushed directly to a Live environment and you have more than one environment, the changes are not automatically extracted into the site. + {% endhint %} Find a guide on how to extract the files in the [Manual Extraction](../../monitor-and-troubleshoot/power-tools/manual-extractions.md) article.